
A lot not to like: Analysis of recent Facebook data breach

The fallout from the recent Facebook data breach that came to light as the year ended is still ongoing. Facebook has already suffered more than its share of painful and embarrassing breaches of its users’ data security and privacy. In the latest blow, hundreds of millions of users’ personal data including phone numbers linked to Facebook accounts were leaked online.

The list of phone numbers was completely public and was available to almost anyone on the Internet without any authentication or encryption. This is the biggest online data leak for Facebook since the infamous Cambridge Analytica scandal.

How did this happen?

Information on more than 419 million Facebook users, such as phone numbers, gender, Facebook account IDs, and more, was leaked online and left free to be accessed by anyone. This means anyone looking at these websites’ databases would have been able to explore the data of millions of users without any form of authentication or passwords.

The incident was first uncovered by Sanyam Jain, a security analyst, researcher, and member of the GDI Foundation. Soon after he found these databases, he contacted TechCrunch to help him further investigate the issue. According to TechCrunch, neither the GDI Foundation nor the TechCrunch team was able to track down the owner of the data.

They soon contacted the hosting provider of the leak and the database was pulled offline. Zack Whittaker from TechCrunch broke the news and added that “multiple databases across the globe have been included in the leak. This included 133 million records on US-based Facebook users, 18 million records of UK users and over 50 million records of Vietnamese users.”

The investigation by TechCrunch also confirmed that the leaked data was authentic and original. However, it is unknown at this time who leaked the data and from where the hackers acquired it. The server was not owned by Facebook.

Facebook responds

A Facebook spokesperson told CNN, “This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.” Facebook said that the actual number of accounts in the data breach was approximately 210 million as the 419 million records contained duplicates, although that claim cannot be verified.

How does the data leak impact normal users?

Private information such as phone numbers can lead to various security threats and inconveniences, such as identity theft and call or SMS spamming. Users can also fall victim to SIM-swapping attacks, which attackers can use to force-reset the passwords on all the online accounts associated with the numbers.

Moreover, many security experts strongly believe that a phone number alone can expose many personal details and can even lead to identity theft. Attackers can also access information such as the current address, past addresses, past phone numbers, property-related information, criminal records, and even more.

Facebook has been under the glaring spotlight repeatedly in recent years due to data breaches and compromised security systems. This recent incident seems to have worsened the situation for the social media giant.


Sukesh Mudrakola

Sukesh is a computer science graduate by profession and an IT enterprise and tech enthusiast by passion. He has expertise in mobile and wearable technologies and is an avid Android fan.
